def modify_user_role(self, context, user, role, project=None, operation='add', **kwargs): """Add or remove a role for a user and project.""" if operation == 'add': if project: msg = _("Adding role %(role)s to user %(user)s" " for project %(project)s") % locals() LOG.audit(msg, context=context) else: msg = _("Adding sitewide role %(role)s to" " user %(user)s") % locals() LOG.audit(msg, context=context) manager.AuthManager().add_role(user, role, project) elif operation == 'remove': if project: msg = _("Removing role %(role)s from user %(user)s" " for project %(project)s") % locals() LOG.audit(msg, context=context) else: msg = _("Removing sitewide role %(role)s" " from user %(user)s") % locals() LOG.audit(msg, context=context) manager.AuthManager().remove_role(user, role, project) else: raise exception.ApiError(_('operation must be add or remove')) return True
def spawn(self, instance): """ Create a new VM and start it.""" vm = self._lookup(instance.name) if vm is not None: raise exception.InstanceExists(name=instance.name) user = manager.AuthManager().get_user(instance['user_id']) project = manager.AuthManager().get_project(instance['project_id']) #Fetch the file, assume it is a VHD file. base_vhd_filename = os.path.join(FLAGS.instances_path, instance.name) vhdfile = "%s.vhd" % (base_vhd_filename) images.fetch(instance['image_id'], vhdfile, user, project) try: self._create_vm(instance) self._create_disk(instance['name'], vhdfile) self._create_nic(instance['name'], instance['mac_address']) LOG.debug(_('Starting VM %s '), instance.name) self._set_vm_state(instance['name'], 'Enabled') LOG.info(_('Started VM %s '), instance.name) except Exception as exn: LOG.exception(_('spawn vm failed: %s'), exn) self.destroy(instance)
def generate_x509_for_user(self, context, name, project=None, **kwargs): """Generates and returns an x509 certificate for a single user. Is usually called from a client that will wrap this with access and secret key info, and return a zip file. """ if project is None: project = name project = manager.AuthManager().get_project(project) user = manager.AuthManager().get_user(name) msg = _("Getting x509 for user: %(name)s" " on project: %(project)s") % locals() LOG.audit(msg, context=context) return user_dict(user, base64.b64encode(project.get_credentials(user)))
def modify_project_member(self, context, user, project, operation, **kwargs): """Add or remove a user from a project.""" if operation == 'add': msg = _("Adding user %(user)s to project %(project)s") % locals() LOG.audit(msg, context=context) manager.AuthManager().add_to_project(user, project) elif operation == 'remove': msg = _("Removing user %(user)s from" " project %(project)s") % locals() LOG.audit(msg, context=context) manager.AuthManager().remove_from_project(user, project) else: raise exception.ApiError(_('operation must be add or remove')) return True
def setUp(self): super(XenAPIMigrateInstance, self).setUp() self.stubs = stubout.StubOutForTesting() FLAGS.target_host = '127.0.0.1' FLAGS.xenapi_connection_url = 'test_url' FLAGS.xenapi_connection_password = '******' db_fakes.stub_out_db_instance_api(self.stubs) stubs.stub_out_get_target(self.stubs) xenapi_fake.reset() xenapi_fake.create_network('fake', FLAGS.flat_network_bridge) self.manager = manager.AuthManager() self.user = self.manager.create_user('fake', 'fake', 'fake', admin=True) self.project = self.manager.create_project('fake', 'fake', 'fake') self.context = context.RequestContext('fake', 'fake', False) self.values = { 'id': 1, 'project_id': self.project.id, 'user_id': self.user.id, 'image_id': 1, 'kernel_id': None, 'ramdisk_id': None, 'local_gb': 5, 'instance_type_id': '3', # m1.large 'mac_address': 'aa:bb:cc:dd:ee:ff', 'os_type': 'linux' } fake_utils.stub_out_utils_execute(self.stubs) stubs.stub_out_migration_methods(self.stubs) stubs.stubout_get_this_vm_uuid(self.stubs) glance_stubs.stubout_glance_client(self.stubs, glance_stubs.FakeGlance)
def setUp(self): super(CloudTestCase, self).setUp() self.flags(connection_type='fake', images_path=IMAGES_PATH) self.conn = rpc.Connection.instance() # set up our cloud self.cloud = cloud.CloudController() # set up services self.compute = self.start_service('compute') self.scheduter = self.start_service('scheduler') self.network = self.start_service('network') self.manager = manager.AuthManager() self.user = self.manager.create_user('admin', 'admin', 'admin', True) self.project = self.manager.create_project('proj', 'admin', 'proj') self.context = context.RequestContext(user=self.user, project=self.project) host = self.network.get_network_host(self.context.elevated()) def fake_show(meh, context, id): return {'id': 1, 'properties': {'kernel_id': 1, 'ramdisk_id': 1}} self.stubs.Set(local.LocalImageService, 'show', fake_show) self.stubs.Set(local.LocalImageService, 'show_by_name', fake_show)
def describe_user_roles(self, context, user, project=None, **kwargs): """Returns a list of roles for the given user. Omitting project will return any global roles that the user has. Specifying project will return only project specific roles. """ roles = manager.AuthManager().get_user_roles(user, project=project) return {'roles': [{'role': r} for r in roles]}
def setUp(self): super(XenAPIVMTestCase, self).setUp() self.manager = manager.AuthManager() self.user = self.manager.create_user('fake', 'fake', 'fake', admin=True) self.project = self.manager.create_project('fake', 'fake', 'fake') self.network = utils.import_object(FLAGS.network_manager) self.stubs = stubout.StubOutForTesting() self.flags(xenapi_connection_url='test_url', xenapi_connection_password='******', instance_name_template='%d') xenapi_fake.reset() xenapi_fake.create_local_srs() xenapi_fake.create_local_pifs() db_fakes.stub_out_db_instance_api(self.stubs) xenapi_fake.create_network('fake', FLAGS.flat_network_bridge) stubs.stubout_session(self.stubs, stubs.FakeSessionForVMTests) stubs.stubout_get_this_vm_uuid(self.stubs) stubs.stubout_stream_disk(self.stubs) stubs.stubout_is_vdi_pv(self.stubs) self.stubs.Set(VMOps, 'reset_network', reset_network) stubs.stub_out_vm_methods(self.stubs) glance_stubs.stubout_glance_client(self.stubs, glance_stubs.FakeGlance) fake_utils.stub_out_utils_execute(self.stubs) self.context = context.RequestContext('fake', 'fake', False) self.conn = xenapi_conn.get_connection(False)
def setUp(self): """Setup users, projects, and start a test server.""" super(S3APITestCase, self).setUp() self.flags(auth_driver='nova.auth.ldapdriver.FakeLdapDriver', buckets_path=os.path.join(OSS_TEMPDIR, 'buckets'), s3_host='127.0.0.1') self.auth_manager = manager.AuthManager() self.admin_user = self.auth_manager.create_user('admin', admin=True) self.admin_project = self.auth_manager.create_project('admin', self.admin_user) shutil.rmtree(FLAGS.buckets_path) os.mkdir(FLAGS.buckets_path) router = s3server.S3Application(FLAGS.buckets_path) server = wsgi.Server() server.start(router, FLAGS.s3_port, host=FLAGS.s3_host) if not boto.config.has_section('Boto'): boto.config.add_section('Boto') boto.config.set('Boto', 'num_retries', '0') conn = s3.S3Connection(aws_access_key_id=self.admin_user.access, aws_secret_access_key=self.admin_user.secret, host=FLAGS.s3_host, port=FLAGS.s3_port, is_secure=False, calling_format=s3.OrdinaryCallingFormat()) self.conn = conn def get_http_connection(host, is_secure): """Get a new S3 connection, don't attempt to reuse connections.""" return self.conn.new_http_connection(host, is_secure) self.conn.get_http_connection = get_http_connection
def setUp(self): super(XenAPIMigrateInstance, self).setUp() self.stubs = stubout.StubOutForTesting() FLAGS.target_host = '127.0.0.1' FLAGS.xenapi_connection_url = 'test_url' FLAGS.xenapi_connection_password = '******' db_fakes.stub_out_db_instance_api(self.stubs) stubs.stub_out_get_target(self.stubs) xenapi_fake.reset() self.manager = manager.AuthManager() self.user = self.manager.create_user('fake', 'fake', 'fake', admin=True) self.project = self.manager.create_project('fake', 'fake', 'fake') self.values = { 'name': 1, 'id': 1, 'project_id': self.project.id, 'user_id': self.user.id, 'image_id': 1, 'kernel_id': None, 'ramdisk_id': None, 'instance_type': 'm1.large', 'mac_address': 'aa:bb:cc:dd:ee:ff', 'os_type': 'linux' } stubs.stub_out_migration_methods(self.stubs) glance_stubs.stubout_glance_client(self.stubs, glance_stubs.FakeGlance)
def setUp(self): super(ApiEc2TestCase, self).setUp() self.manager = manager.AuthManager() self.host = '127.0.0.1' self.app = ec2.Authenticate( ec2.Requestify(ec2.Executor(), 'nova.api.ec2.cloud.CloudController'))
def deregister_user(self, context, name, **_kwargs): """Deletes a single user (NOT undoable.) Should throw an exception if the user has instances, volumes, or buckets remaining. """ LOG.audit(_("Deleting user: %s"), name, context=context) manager.AuthManager().delete_user(name) return True
def index(self, req): user = req.environ.get('user') return { 'projects': [ project_dict(u) for u in auth_manager.AuthManager().get_projects(user=user) ] }
def describe_projects(self, context, user=None, **kwargs): """Returns all projects - should be changed to deal with a list.""" return { 'projectSet': [ project_dict(u) for u in manager.AuthManager().get_projects(user=user) ] }
def setUp(self): super(HyperVTestCase, self).setUp() self.manager = manager.AuthManager() self.user = self.manager.create_user('fake', 'fake', 'fake', admin=True) self.project = self.manager.create_project('fake', 'fake', 'fake') self.context = context.RequestContext(self.user, self.project)
def __init__(self, auth_url): self.auth_manager = manager.AuthManager() self.auth_url = auth_url self.project_name = None self.test_user = None self.setup()
def response_status(self, user, methodName): roles = manager.AuthManager().get_active_roles(user, self.project) ctxt = context.RequestContext(user.id, self.project.id, is_admin=user.is_admin(), roles=roles) environ = self._env_for(ctxt, methodName) req = webob.Request.blank('/', environ) resp = req.get_response(self.mw) return resp.status_int
def modify_project(self, context, name, manager_user, description=None, **kwargs): """Modifies a project""" msg = _("Modify project: %(name)s managed by" " %(manager_user)s") % locals() LOG.audit(msg, context=context) manager.AuthManager().modify_project(name, manager_user=manager_user, description=description) return True
def user(self): # NOTE(vish): Delay import of manager, so that we can import this # file from manager. from nova.auth import manager if not self._user: try: self._user = manager.AuthManager().get_user(self.user_id) except exception.NotFound: pass return self._user
def delete(self): nova_manager = manager.AuthManager() if os.access(os.path.join(self.conf.dbdir, self.name), os.R_OK): shutil.rmtree(os.path.join(self.conf.dbdir, self.name)) print ' deleted nova project key and environment' try: nova_manager.delete_project(self.name) print ' deleted nova project' except exception.ProjectNotFound as ex: print ex
def setUp(self): super(ConsoleTestCase, self).setUp() self.flags(console_driver='nova.console.fake.FakeConsoleProxy', stub_compute=True) self.console = utils.import_object(FLAGS.console_manager) self.manager = manager.AuthManager() self.user = self.manager.create_user('fake', 'fake', 'fake') self.project = self.manager.create_project('fake', 'fake', 'fake') self.context = context.get_admin_context() self.host = 'test_compute_host'
def tearDown(self): um = manager.AuthManager() # Delete the test project um.delete_project('testproj') # Delete the test user um.delete_user('testadmin') um.delete_user('testpmsys') um.delete_user('testnet') um.delete_user('testsys') super(AccessTestCase, self).tearDown()
def project(self): # NOTE(vish): Delay import of manager, so that we can import this # file from manager. from nova.auth import manager if not self._project: try: auth_manager = manager.AuthManager() self._project = auth_manager.get_project(self.project_id) except exception.NotFound: pass return self._project
def register_project(self, context, name, manager_user, description=None, member_users=None, **kwargs): """Creates a new project""" msg = _("Create project %(name)s managed by" " %(manager_user)s") % locals() LOG.audit(msg, context=context) return project_dict( manager.AuthManager().create_project( name, manager_user, description=None, member_users=None))
def __init__(self): self.auth_manager = manager.AuthManager() self.wsgi_server = None self.wsgi_apps = [] self.api_service = None self.services = [] self.auth_url = None self.project_name = None self.setup()
def update(self, req, id, body): context = req.environ['nova.context'] name = id manager_user = body['project'].get('manager_user') description = body['project'].get('description') msg = _("Modify project: %(name)s managed by" " %(manager_user)s") % locals() LOG.audit(msg, context=context) auth_manager.AuthManager().modify_project(name, manager_user=manager_user, description=description) return exc.HTTPAccepted()
def test_spawn_objectstore(self): # TODO(vish): deprecated from nova.auth import manager authman = manager.AuthManager() authman.create_user('fake', 'fake') authman.create_project('fake', 'fake') try: FLAGS.xenapi_image_service = 'objectstore' self._test_spawn(1, 2, 3) finally: authman.delete_project('fake') authman.delete_user('fake')
def _conn(context): # TODO(vish): is there a better way to get creds to sign # for the user? access = manager.AuthManager().get_access_key(context.user, context.project) secret = str(context.user.secret) calling = boto.s3.connection.OrdinaryCallingFormat() return boto.s3.connection.S3Connection(aws_access_key_id=access, aws_secret_access_key=secret, is_secure=False, calling_format=calling, port=FLAGS.s3_port, host=FLAGS.s3_host)
def update(self, req, id): context = req.environ['nova.context'] env = self._deserialize(req.body, req.get_content_type()) name = id manager_user = env['project'].get('manager_user') description = env['project'].get('description') msg = _("Modify project: %(name)s managed by" " %(manager_user)s") % locals() LOG.audit(msg, context=context) auth_manager.AuthManager().modify_project(name, manager_user=manager_user, description=description) return exc.HTTPAccepted()
def index(self, req): if urlparse.parse_qs(req.environ['QUERY_STRING']).get('defaults', False): return {'quota_set_list': [self._format_quota_set('__defaults__', quota._get_default_quotas())]} else: context = req.environ['nova.context'] user = req.environ.get('user') projects = auth_manager.AuthManager().get_projects(user=user) quota_set_list = [self._format_quota_set(project.name, quota.get_project_quotas(context, project.name)) for project in projects] return {'quota_set_list': quota_set_list}